[openssl/openssl] ac22ad: gate calling of evp_method_id on having a non-zero...

Neil Horman noreply at github.com
Mon Jan 1 18:25:54 UTC 2024


  Branch: refs/heads/openssl-3.0
  Home:   https://github.com/openssl/openssl
  Commit: ac22ad6309cb6e8e425adb98ecbe870a15f19652
      https://github.com/openssl/openssl/commit/ac22ad6309cb6e8e425adb98ecbe870a15f19652
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2024-01-01 (Mon, 01 Jan 2024)

  Changed paths:
    M crypto/evp/evp_fetch.c
    M test/evp_extra_test2.c

  Log Message:
  -----------
  gate calling of evp_method_id on having a non-zero name id

If a name is passed to EVP_<OBJ>_fetch of the form:
name1:name2:name3

The names are parsed on the separator ':' and added to the store, but
during the lookup in inner_evp_generic_fetch, the subsequent search of
the store uses the full name1:name2:name3 string, which fails lookup,
and causes subsequent assertion failures in evp_method_id.

instead catch the failure in inner_evp_generic_fetch and return an error
code if the name_id against a colon separated list of names fails.  This
provides a graceful error return path without asserts, and leaves room
for a future feature in which such formatted names can be parsed and
searched for iteratively

Add a simple test to verify that providing a colon separated name
results in an error indicating an invalid lookup.

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Todd Short <todd.short at me.com>
(Merged from https://github.com/openssl/openssl/pull/23110)

(cherry picked from commit 94be985cbcc1f0a5cf4f172d4a8d06c5c623122b)




More information about the openssl-commits mailing list